International Journal of Advanced Technology and Engineering Exploration (IJATEE) ISSN (Print): 2394-5443 ISSN (Online): 2394-7454 Volume - 9 Issue - 89 April - 2022

A literature review on classification of phishing attacks

S. Chanti and T. Chithralekha

Abstract

Phishing is a type of security threat that steals users’ personal credentials, such as online banking details, credit card numbers, card verification value (CVV) numbers, and automated teller machine (ATM) PINs. Phishing scams are carried out by sending spoofed emails and instant messages that carry hyperlinks redirecting users to fake/spoofed sites, which steal their sensitive information. Phishers mainly concentrate on internet users who perform E-banking. Since these E-transactions are inevitable in today’s digital world, many anti-phishing tools have been developed to secure users from phishing attacks. This paper proposes a new definition of phishing based on the intention of phishing and a complete classification of phishing attacks, starting from email phishing to the very recent ransomware. This literature review provides the classification of phishing attacks and the different possible ways the attacker targets the victims. A statistical analysis of phishing attacks is performed using data collected from Anti-Phishing Working Group (APWG) technical reports to find: (i) top three countries hosting phishing, (ii) top three most affected countries hosting phishing, (iii) top three least affected countries, (iv) top three industry sectors affected by phishing, (v) top three malware used for phishing, and (vi) hypertext transfer protocol secure (HTTPS) enabled phishing uniform resource locators (URLs). This study is helpful in understanding the different ways of performing phishing attacks.

Keywords

Phishing, Pharming, Vishing, Ransomware, DNS level phishing, Credential stealing, Social engineering phishing, Malware based phishing, User information control, Domain hijacking, DNS spoofing.

Cite this article

Chanti S, Chithralekha T. A literature review on classification of phishing attacks. International Journal of Advanced Technology and Engineering Exploration. 2022; 9(89):446-476. DOI:10.19101/IJATEE.2021.875031
